IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipa_uuid: prevent false positives on modifies

Browse Source 
If a modify operation does not specify our attribute then we need to short
circuit the loop, otherwise on enforcing we will return an error by mistake if
we are not Directory Manager because generate is false if the attr is not
found.
This commit is contained in:
Simo Sorce 2010-10-26 18:28:01 -04:00
parent 99a7f83c3c
commit 1bfd0f8791
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
View File

@ -784,6 +784,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
bool generate;
int ret = LDAP_SUCCESS;
bool locked = false;
bool set_attr;
LOG_TRACE("--in-->\n");
@ -891,6 +892,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
cfgentry = (struct configEntry *) list;
generate = false;
set_attr = false;
/* Did we already service this attr? */
if (ipauuid_list_contains_attr(generated_attrs,
@ -936,6 +938,9 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
}
slapi_ch_free_string(&value);
/* always true on add if we match the scope */
set_attr = true;
break;
case LDAP_CHANGETYPE_MODIFY:
@ -952,6 +957,9 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
continue;
}
/* ok we found the attr so that means we are going to set it */
set_attr = true;
/* If all values are being deleted, we need to
* generate a new value. */
if (SLAPI_IS_MOD_DELETE(slapi_mod_get_operation(smod))) {
@ -1026,9 +1034,15 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
if (slapi_entry_attr_find(resulting_e,
cfgentry->attr, &attr) != 0) {
generate = true;
set_attr = true;
}
}
/* nothing to do keep looping */
if (!set_attr) {
continue;
}
if (generate) {
char *new_value;